VirusRescue

Description:	Rogue Security Program
Risk Level:	Low
Date of First Occurence:	Tuesday, April 15, 2008
Software Developer:	(unknown)
Brief Info:	Rogue/Suspect Anti-Spyware Product "Rogue/Suspect" means that these products are of unknown, questionable, or dubious value as anti-spyware protection.
Removal:	This threat can be removed using "Spyware Terminator"

RIMUOVI SPYWARE »

Geographical Distribution of Threat "VirusRescue"

Threat Info

View All

Detected Items

Detected Files: %PROGRAMFILES%\VirusRescue\uninst.exe MD5: E2158EF500C94FBFCA0B14627BA59A9C Size:41148 MD5: 68002FB306FA8DC266B248326BFFAFFE Size:41148 %PROGRAMFILES%\VirusRescue\VirusRescue.exe MD5: 865EADC214E013698062F33D73D6C576 Size:2060288 %PROGRAMFILES%\VirusRescue\vrExt.dll MD5: AA37F5395CB29B2397EA657C7BF7E0EC Size:46592
Detected Files with variable Filenames: MD5: 150829DCFCF2EFC0FFAAB44D1FB90AA2 Size: 77824 %PROGRAMFILES%\VirusRescue\vrExt.dll %PROGRAMFILES%\VirusRescue\vrext.dll.ren MD5: 4B5A639C8C89E266DA2E7719E97932ED Size: 228932 %PROGRAMFILES%\VirusRescue\stopapi4.dll %PROGRAMFILES%\VirusRescue\stopapi4.dll.ren MD5: 9405874776E41934A63D646A41914D18 Size: 41028 %PROGRAMFILES%\VirusRescue\pl.dll %PROGRAMFILES%\VirusRescue\pl.dll.ren MD5: 8D74B73E3DC2056B27725E129212E8ED Size: 43100 %PROGRAMFILES%\VirusRescue\kernel40.dll %PROGRAMFILES%\VirusRescue\kernel40.dll.ren MD5: 77ADF43B09A00CE9EA205AA4F9E86D1E Size: 64604 %PROGRAMFILES%\VirusRescue\asc4.dll %PROGRAMFILES%\VirusRescue\asc4.dll.ren MD5: 968F1E411FA5865794E7766868B36B57 Size: 2031616 %PROGRAMFILES%\VirusRescue\VirusRescue.exe %PROGRAMFILES%\VirusRescue\virusrescue.exe.ren MD5: 439BBFB055FB8A9604E71969D8A99E31 Size: 57344 %PROGRAMFILES%\VirusRescue\vrsvc.exe %PROGRAMFILES%\VirusRescue\vrsvc.exe.ren MD5: 68002FB306FA8DC266B248326BFFAFFE Size: 41148 %PROGRAMFILES%\VirusRescue\uninst.exe %PROGRAMFILES%\VirusRescue\uninst.exe.ren

Detecting items list:

Files by Name %ProgramFiles%\VirusRescue\OE.api %ProgramFiles%\VirusRescue\OE4.api %ProgramFiles%\VirusRescue\TheBAT.api %ProgramFiles%\VirusRescue\UnACE.api %ProgramFiles%\VirusRescue\UnARJ.api %ProgramFiles%\VirusRescue\UnMSCAB.api %ProgramFiles%\VirusRescue\VirusRescue.exe %ProgramFiles%\VirusRescue\VirusRescue.tlb %ProgramFiles%\VirusRescue\VirusRescue.url %ProgramFiles%\VirusRescue\asc4.dll %ProgramFiles%\VirusRescue\backdoor.avb %ProgramFiles%\VirusRescue\base.dat %ProgramFiles%\VirusRescue\ca.avb %ProgramFiles%\VirusRescue\config.ini %ProgramFiles%\VirusRescue\daily.avb %ProgramFiles%\VirusRescue\kernel4.avb %ProgramFiles%\VirusRescue\kernel40.dll %ProgramFiles%\VirusRescue\malware.avb %ProgramFiles%\VirusRescue\pl.dll %ProgramFiles%\VirusRescue\stop.set %ProgramFiles%\VirusRescue\stopapi4.dll %ProgramFiles%\VirusRescue\uninst.exe %ProgramFiles%\VirusRescue\virusdos.avb %ProgramFiles%\VirusRescue\virusw32.avb %ProgramFiles%\VirusRescue\vrExt.dll %ProgramFiles%\VirusRescue\vrsvc.exe %ProgramFiles%\VirusRescue\weekly.avb %APPDATA%\Microsoft\Internet Explorer\Quick Launch\VirusRescue v?.*.lnk %DESKTOP%\VirusRescue v?.*.lnk %TEMP%\VRLanguage.ini %START_PROGRAMS%\VirusRescue\VirusRescue v* Un-Installer.lnk %START_PROGRAMS%\VirusRescue\VirusRescue v* Website.lnk %START_PROGRAMS%\VirusRescue\VirusRescue v?.*.lnk %START_MENU%\VirusRescue v?.*.lnk
Files by Directories %ProgramFiles%\VirusRescue %START_PROGRAMS%\VirusRescue
Files by CLSID or Name CLSID=598CA4D5-6870-47F0-B513-E3EFBA809B22 CLSID=753D7DED-2454-44A3-959D-DC3700FC6B6E CLSID=CF79DAB6-0AFE-4678-856D-44574D91915C CLSID=F80DB5A5-A885-7370-4983-841F62A80AF2
Registry Keys HKCR\VRExt.VRShlExt HKCR\VRExt.VRShlExt.1 HKCR\AppID\VRExt.DLL HKCR\?\shellex\ContextMenuHandlers\VRShlExt HKCR\AppID\{53A8703F-53BF-4C44-8DAF-FA254A1E1B8C} HKCR\AppID\{CF79DAB6-0AFE-4678-856D-44574D91915C} HKCR\Folder\shellex\ContextMenuHandlers\VRShlExt HKCR\Interface\{598CA4D5-6870-47F0-B513-E3EFBA809B22} HKCR\Interface\{679B00B5-0783-4DE4-A478-7227FDD50825} HKCR\TypeLib\{2E88F662-2027-421D-9874-F3DBC2207BAB} HKCR\TypeLib\{C7DF0578-D732-4BFB-A65B-89C1CCEA01CC} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\virusrescue.exe HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusRescue HKLM\SOFTWARE\VirusRescue
Registry Values HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ValueName=VirusRescue

« Go to Software Database

Cerca nel nostro database dei software

Sfoglia il database dei software

Ultimissime notizie sui Malware

23. settembre 2011

Among one of the most active spywares currently is without a doubt Trojan.MicroFake.ba. It attacks in conjunction with Rogue antispyware applications and forces users to purchase these fake applications. Using rootkit techniques is very typical of this Trojan to help it hide from users and the system, making it hard to trace. We recommend regular updating of our database and an active real-time protection with antivirus.

Notizie sui vecchi malware »